Object Descriptors & Property Flags

What security pattern does this code demonstrate?

const API_KEY = Symbol('apiKey');

class Service {
  constructor(apiKey) {
    Object.defineProperty(this, API_KEY, {
      value: apiKey,
      writable: false,
      enumerable: false,
      configurable: false
    });
  }
  
  request(endpoint) {
    return fetch(`${endpoint}?key=${this[API_KEY]}`);
  }
}

Encryption of API keys
Network security
Hidden property with controlled access
This code demonstrates a hidden property with controlled access security pattern: 1) It uses a Symbol as a property key, making it non-discoverable through normal property enumeration, 2) The property is non-enumerable, so it won't appear in Object.keys() or for...in loops, 3) It's non-configurable and non-writable, preventing tampering, 4) The Symbol is held in a closure variable, not exposed globally, 5) This approach makes the API key harder to access accidentally or intentionally, 6) The property is still accessible within the class for legitimate use, 7) While not perfect security (nothing in JavaScript is), it's a good pattern for protecting sensitive configuration data.
Authentication flow

Next Question (36/40)